From: chris.a.st.pierre@gmail.com (Chris St. Pierre)
Date: Mon, 26 Apr 2010 13:48:33 -0500
Subject: [refpolicy] [PATCH] Allow spamd to connect to MySQL via TCP
Message-ID: <t2mc08242931004261148xe0c81f67la5f88a775610a67a@mail.gmail.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Currently, spamd_t is only allowed to connect to a MySQL stream --
i.e., a local MySQL instance, not a remote one via TCP.  This patch
fixes that issue.

diff --git a/policy/modules/services/spamassassin.te
b/policy/modules/services/spamassassin.te
index dd49d31..210a57a 100644
--- a/policy/modules/services/spamassassin.te
+++ b/policy/modules/services/spamassassin.te
@@ -412,6 +412,8 @@ optional_policy(`
 optional_policy(`
        mysql_search_db(spamd_t)
        mysql_stream_connect(spamd_t)
+       corenet_tcp_connect_mysqld_port(spamd_t)
+       corenet_sendrecv_mysqld_client_packets(spamd_t)
 ')

 optional_policy(`

-- 
Chris St. Pierre